Description
Multiple SQL injection vulnerabilities in the Leads module in SugarCRM 6.1 before 6.1.7, 6.2 before 6.2.4, 6.3 before 6.3.0RC3, and 6.4 before 6.4.0beta1 allow remote attackers to execute arbitrary SQL commands via the (1) where and (2) order parameters in a get_full_list action to index.php.
Remediation
References